New Android ransomware campaign making the rounds

Ransomware is being circulated in a new spam attack, according to researchers at BitDefender.

The emails, originating from the Ukraine, contain an APK file that purports to be an Adobe Flash Player update, but is actually ransomware detected as Android.Trojan.SLocker.DZ.

If the file is downloaded, a fake screen pops up with a fake FBI warning that the user has violated the law with a pornographic site and demands a $500 ransom.

The malware disables the home and navigation keys so the user cannot leave the ransom screen, and added that it will run when the system boots, meaning restarting the device will not help.

Bogdan Botezatu, senior e-threat analyst with Bitdefender, said: “This approach is extremely effective, apparently, because it succeeds in denying the user access to the device. Unlike file-encrypting Android ransomware, this type of malware requires less permissions – [primarily,] it does not need device administrator permissions – [making] its installation much less suspicious.”

Botezatu said that a user can boot their device in safe mode, navigate to the application manager, remove the offending application, and boot up their phone again normally. Additionally, users can disable or uninstall the malware by issuing a command from their PC so long as Android Debug Bridge is enabled on the device.